Marketplace for trusted AI agent skills

Claude Code’s Skill System Just Changed Everything — Here’s What You Need to Know

Four months ago, agent skills were a Claude Code feature that most developers hadn’t heard of. Today there are over 13,000 publicly available skills on ClawHub alone, VS Code Copilot reads SKILL.md files natively, and the AgentSkills.io specification has turned a single-vendor format into a cross-platform standard. The shift happened fast enough that even people paying attention missed some of it.

This article covers what changed, why it matters, and what developers should be doing about it right now.

Table of Contents

A Timeline of the Explosion

Agent Skills launched in October 2025 as part of Claude Code. The idea was straightforward: instead of cramming all your instructions into a system prompt or CLAUDE.md file, you package domain knowledge into a directory with a SKILL.md file. Claude reads the description, decides if the skill is relevant, and loads it when needed.

For the first few months, adoption was modest. A handful of official Anthropic skills existed alongside a small community on ClawHub. Then three things happened in rapid succession:

  1. December 2025GitHub Copilot shipped native Agent Skills support. Skills written for Claude Code in .claude/skills started working in VS Code Copilot with zero changes. One format, two major platforms.
  2. January–February 2026 — Daily skill submissions on ClawHub jumped from under 50 per day to over 500 per day. A 10x increase in weeks, driven partly by Copilot compatibility and partly by community momentum.
  3. March 2, 2026ClawHub’s registry surpassed 13,000 publicly available skills. By late February, curated collections like VoltAgent’s awesome-openclaw-skills list were filtering and categorizing 5,400+ of them.

Then came the catalyst that pushed awareness beyond the early-adopter crowd. On March 17, Anthropic engineer Thariq published a thread about how the Claude Code team uses skills internally. It hit 2.7 million views. We covered the key lessons in our breakdown of that thread — but the broader effect was that it legitimized skills as a serious engineering tool, not just a convenience feature.

The Cross-Platform Moment

The biggest structural shift in the ecosystem isn’t any single skill or marketplace. It’s that agent skills are no longer tied to one tool.

The AgentSkills.io specification defines the format: a directory containing a SKILL.md file with YAML frontmatter (name, description, optional license, compatibility, metadata) followed by markdown instructions. Any tool that reads this format can use the skill.

Here’s what currently supports it:

  • Claude Code — The originator. Skills live in ~/.claude/skills/ or .claude/skills/ in a repo.
  • VS Code Copilot — Reads .claude/skills directories natively. Official documentation links directly to the AgentSkills.io standard.
  • GitHub Copilot CLI and Copilot coding agent — Both support the format through the same VS Code integration.
  • Gemini CLI — Reads skills from ~/.gemini/skills/.
  • Codex CLI, Kiro, Goose, OpenCode — Each supports skills from their own directory paths, all reading the same SKILL.md format.

This portability is the key differentiator between skills and the custom instructions files that preceded them. A CLAUDE.md or .cursorrules file is locked to its tool. A SKILL.md file works everywhere.

What the Spec Actually Requires

The AgentSkills.io specification is deliberately minimal. A valid skill needs exactly two things in its frontmatter:

---
name: my-skill
description: What this skill does and when to use it.
---

Your instructions here.

The name field follows strict rules — lowercase alphanumeric plus hyphens, 1–64 characters, must match the directory name. The description field caps at 1,024 characters and serves as the activation trigger: it’s what the AI reads to decide whether to load the skill.

Everything else — scripts/, references/, config.json, hooks — is optional structure that makes skills more powerful but isn’t required to get started. This low barrier to entry is part of why submissions exploded.

Anthropic’s Skill Creator Gets Testing

On the tooling side, Anthropic released major updates to their skill-creator plugin in early March. The additions address a real gap: most skill authors are domain experts, not software engineers. They know their workflows but had no way to verify whether a skill still worked after a model update, or whether an edit actually improved it.

The updated skill-creator now supports:

  • Eval authoring — Define test scenarios with expected behaviors. No code required; describe what “good” looks like in natural language and skill-creator checks the output against it.
  • Benchmarking — Run standardized assessments that track eval pass rate, elapsed time, and token usage across versions.
  • Multi-agent parallel evaluation — Each eval runs in an independent context to prevent cross-contamination between test runs.
  • A/B comparisons — Compare two skill versions (or skill vs. no skill) using a comparator agent that judges outputs without knowing which version produced them.

Anthropic frames skills in two categories in the blog post: capability uplift skills (teaching the model something it can’t do well natively) and encoded preference skills (sequencing steps the model already knows into your team’s specific workflow). Both benefit from testing, but for different reasons. Capability uplift skills might become unnecessary as models improve — evals tell you when that’s happened. Encoded preference skills need evals to verify they still match your actual workflow as it evolves.

The practical impact is significant. Before this update, “does my skill work?” was answered by trying it a few times and hoping for the best. Now you can run repeatable evaluations, store results locally, and integrate them into CI pipelines.

The Security Question Nobody Wants to Talk About

Growth at this scale comes with problems. A Snyk research study examining the skills supply chain found prompt injection attempts in 36% of sampled skills, with 1,467 malicious payloads identified in what they called the “ToxicSkills” dataset.

This shouldn’t surprise anyone who watched the npm or PyPI ecosystems go through similar growing pains. When publishing is easy and consumption is automated, attackers follow. Skills are particularly attractive targets because they’re loaded directly into an AI agent’s instruction context — a successful injection doesn’t just steal data, it can redirect the agent’s behavior entirely.

What this means in practice:

  • Don’t install skills blindly. Read the SKILL.md before installing. Check the scripts/ directory for anything unexpected.
  • Prefer curated sources. Marketplaces like AgentSkillExchange review submissions before listing them. Open registries offer breadth but less safety.
  • Pin versions. If you’re using a skill in production workflows, pin it to a specific version rather than pulling latest.
  • Watch your agent’s behavior. If a skill causes your agent to make unexpected external requests or access files outside its scope, investigate.

The ecosystem will mature — automated scanning, signed skills, and reputation systems are all being discussed. But right now, vigilance is on you.

What This Means for Developers

If you’ve been on the sidelines, here’s the situation: agent skills have crossed from “interesting experiment” to “standard practice” in about five months. The format is stable, the tooling has real testing support, and the same skill works across Claude Code, VS Code Copilot, Gemini CLI, and a growing list of tools.

Three Things Worth Doing This Week

1. Audit your existing workflow for skill candidates. Any repetitive process that requires context your AI agent doesn’t have natively is a skill candidate. Code review checklists, deployment procedures, API integration patterns for libraries your team uses — these are the highest-value skills because they encode knowledge that’s specific to your environment.

2. Look at what’s already been built. Before creating something new, check whether it exists. Browse the AgentSkillExchange marketplace, search ClawHub, or look through the Anthropic skills repository. The ecosystem is big enough now that duplication is a real waste of effort.

3. If you build a skill, test it. Install the skill-creator plugin and write at least three evals before shipping. This is no longer optional best practice — it’s the difference between a skill that’s useful and one that quietly breaks after the next model update.

What to Watch Next

Several developments are still playing out:

  • More platforms adopting the standard. The AgentSkills.io spec is still early. As more tools adopt it, the value of each skill increases because its reach expands without any rework.
  • Composition and chaining. Skills can already reference other skills by name. The next frontier is skills that compose — a deployment skill that automatically invokes a code review skill before shipping, for instance. Early experiments exist, but the patterns aren’t settled yet.
  • Enterprise marketplaces. Teams are starting to run internal skill registries with access controls and audit logs. Thariq mentioned this pattern in his thread: a sandbox folder where skills prove themselves before being promoted to an internal marketplace.
  • Security infrastructure. Signed skills, automated vulnerability scanning, and provenance tracking are all in development across different organizations. Expect the security story to catch up with the growth story within the next few months.

Frequently Asked Questions

What’s the difference between agent skills and MCP servers?

MCP (Model Context Protocol) servers provide tools and data sources that an agent can call — think API endpoints, database connections, or file system access. Agent skills provide instructions and domain knowledge that shape how the agent thinks and works. They complement each other: a skill might tell Claude how to debug Kubernetes issues while an MCP server provides the actual kubectl access. We’ll cover this distinction in depth in a future post.

Do skills written for Claude Code work in VS Code Copilot?

Yes. GitHub Copilot reads SKILL.md files from the .claude/skills directory in your repository. Skills that follow the AgentSkills.io specification — YAML frontmatter with name and description, followed by markdown instructions — work in both tools without modification. Platform-specific features like hooks may not transfer, but the core instruction content does.

How do I install a skill from AgentSkillExchange?

Clone or download the skill directory into your skills folder. For Claude Code, that’s ~/.claude/skills/skill-name/. For project-specific skills, use .claude/skills/skill-name/ in your repo root. If you’re using the ClawHub CLI, run clawhub install skill-name. Browse available skills at agentskillexchange.com.

Are there quality concerns with community-published skills?

Yes. Snyk’s ToxicSkills research found prompt injection in 36% of a sample of community skills. Stick to curated marketplaces like AgentSkillExchange that review submissions, read the source before installing, and avoid skills with obfuscated instructions or unexplained external requests.

The Bottom Line

Agent skills went from a Claude Code feature to a cross-platform ecosystem standard in under six months. The format is minimal — a directory with a SKILL.md file — but the impact compounds as more tools adopt it and more developers contribute skills that solve real problems.

The quality bar matters. Curated marketplaces, proper testing with skill-creator evals, and careful attention to security are what separate a useful ecosystem from a noisy one. If you’re building skills, build them well. If you’re using skills, choose them carefully.

We’ll be covering the skills ecosystem daily throughout this month — including deep dives into specific skill categories, tutorials for building your own, and spotlights on the most effective skills available today. The step-by-step tutorial we published yesterday is a good place to start if you want to build your first skill this weekend.